Closed AndrewBelt closed 3 years ago
I will try the approach I used at some point which was unloading it (with ffi = nil
) and also unloading the function to reload it require = nill
. I believe there's no other way of bring it back.
Okay, I suspected that could be done but wanted to be sure!
If it's not possible. I can add a runtime flag to make possible instantiating both versions (ffi and non-ffi). The regular Lua scripts would use non-ffi engine while the Vult (generated Lua) would use the ffi and take advantage of the speed.
The Vult code would be safe to run if I remove in the embedded compiler the possibility of declaring external functions. That way the Vult code can only use the safe builtin functions and the ones the user declares.
I haven't heard from you in a few days so I'm going to release it as-is, but I really need you to make this change ASAP in the next version.
The initial idea works fine. It also disables loading any other library apart from the preloaded ones. I pushed the fix in 33fed251303917f3a9bdc250df6af97f6246731c
Looks like it works great. Removed other functions like load()
.
FFI may be used to break from the security sandbox. Please remove this, or prove that it cannot be used to break from the sandbox.